unt80a3.exe

Visual Tools

The application unt80a3.exe by Visual Tools has been detected as adware by 8 anti-malware scanners. It is a setup program used to install the application, which displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from softs.illyx.com and multiple other hosts.
Publisher:
Visual Tools (signed and verified)

MD5:
40987d8303f1f8c735ea19cf8786ae20

SHA-1:
02ee4b9fbdd56a94cad254a78b59b16f8ec00ab7

SHA-256:
ce6f42db2087644761dbb4965078ce3c50a85a7e42ce4a4954d2731e6465413a

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
12/24/2024 12:49:34 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.StartPage.56734 | 9.0.1.026
ESET NOD32 | Win32/Toolbar.Babylon (variant) | 8.9338
Fortinet FortiGate | Riskware/Toolbar_Babylon | 1/26/2014
Malwarebytes | PUP.Optional.ToolBarInstaller.A | v2014.01.26.02
McAfee | Artemis!40987D8303F1 | 5600.7238
Reason Heuristics | PUP.VisualTools.H | 14.8.7.22
Trend Micro House Call | TROJ_GEN.F47V0115 | 7.2.26
XVirus List | Win32.Detected | 2.8.7

File size:
404.5 KB (414,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\unt80a3.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/10/2013 3:00:00 AM

Valid to:
1/11/2015 2:59:59 AM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
10/31/2013 6:23:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:54RIvL+VXQSPu4jwm6yF92p2Zuy/5LRjf/R1PDTE:54k8LGTULRjxNDTE

Entry address:
0x1C35

Entry point:
55, 8B, EC, 83, E4, F8, B8, 7C, 1A, 00, 00, E8, BB, 62, 00, 00, 53, 56, 33, DB, 57, 8D, 8C, 24, E0, 07, 00, 00, 88, 5C, 24, 0E, C6, 44, 24, 0F, 01, E8, E6, 1A, 00, 00, 53, 89, 9C, 24, 3C, 0A, 00, 00, 89, 9C, 24, 40, 0A, 00, 00, 89, 9C, 24, 44, 0A, 00, 00, C7, 84, 24, 48, 0A, 00, 00, 03, 00, 00, 00, FF, 94, 24, 20, 08, 00, 00, 8D, 8C, 24, E0, 07, 00, 00, 89, 84, 24, 34, 0A, 00, 00, E8, 6D, FA, FF, FF, 8D, 8C, 24, E0, 07, 00, 00, E8, DF, FA, FF, FF, 85, C0, 0F, 85, ED, 00, 00, 00, 8D, 44, 24, 10, 50, 8D, 8C...

Entropy:
7.8026

Developed / compiled with:
Microsoft Visual C++

Code size:
30 KB (30,720 bytes)

The file unt80a3.exe has been seen being distributed by the following 4 URLs.

Remove unt80a3.exe - Powered by Reason Core Security